Ema has submitted this change and it was merged.

Change subject: tlsproxy: enable client/server TFO support in the kernel
......................................................................


tlsproxy: enable client/server TFO support in the kernel

Enable client/server support for TCP Fast Open (TFO).

The values (bitmap) are:

1: Enables sending data in the opening SYN on the client w/ MSG_FASTOPEN
2: Enables TCP Fast Open on the server side, i.e., allowing data
   in a SYN packet to be accepted and passed to the application before the
   3-way handshake finishes

This is the first step towards enabling TCP Fast Open on tlsproxy. An
nginx configuration change is also necessary (fastopen=N).

Bug: T108827
Ref: https://www.rfc-editor.org/rfc/rfc7413.txt
Change-Id: Id0b37f26225e26d94e31d6948f4679a9d80fdd41
---
M modules/tlsproxy/manifests/instance.pp
1 file changed, 16 insertions(+), 0 deletions(-)

Approvals:
  Ema: Verified; Looks good to me, approved



diff --git a/modules/tlsproxy/manifests/instance.pp 
b/modules/tlsproxy/manifests/instance.pp
index e62d222..bbdcdf8 100644
--- a/modules/tlsproxy/manifests/instance.pp
+++ b/modules/tlsproxy/manifests/instance.pp
@@ -3,6 +3,22 @@
     # Tune kernel settings
     include base::mysterious_sysctl
 
+    # Enable client/server TCP Fast Open (TFO)
+    #
+    # The values (bitmap) are:
+    # 1: Enables sending data in the opening SYN on the client w/ MSG_FASTOPEN
+    # 2: Enables TCP Fast Open on the server side, i.e., allowing data in
+    #    a SYN packet to be accepted and passed to the application before the
+    #    3-way hand shake finishes
+    #
+    # Note that, despite the name, this setting is *not* IPv4-specific. TFO
+    # support will be enabled on both IPv4 and IPv6
+    sysctl::parameters { 'TCP Fast Open':
+        values => {
+            'net.ipv4.tcp_fastopen' => 3,
+        },
+    }
+
     $varnish_version4 = hiera('varnish_version4', false)
     $keepalives_per_worker = 
hiera('tlsproxy::localssl::keepalives_per_worker', 0)
     $websocket_support = hiera('cache::websocket_support', false)
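
Review bot: The comment above `'net.ipv4.tcp_fastopen' => 3` documents bits 1 and 2 but never says that 3 is the two bits combined, and it leaves out that the server bit has no effect until the listening socket asks for a TFO queue. The commit message says the nginx `fastopen=N` change is a separate step, so repeating that in this comment would stop a reader from assuming TFO is live once this sysctl lands. Two further points are worth a line each in the comment: why the client bit (1) is wanted on this host in addition to the server bit, and that data accepted from a SYN before the handshake finishes can reach the application more than once (RFC 7413, the Ref in the commit message), so the follow-up listener change should confirm the first flight is safe to receive twice.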

-- 
To view, visit https://gerrit.wikimedia.org/r/295331

Gerrit-MessageType: merged
Gerrit-Change-Id: Id0b37f26225e26d94e31d6948f4679a9d80fdd41
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ema <e...@wikimedia.org>
Gerrit-Reviewer: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: Ema <e...@wikimedia.org>
Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
